| Name | envshield JSON |
| Version |
3.0.0
JSON |
| download |
| home_page | None |
| Summary | EnvShield: A CLI for secure local environment management and secret prevention. |
| upload_time | 2025-10-28 13:40:55 |
| maintainer | None |
| docs_url | None |
| author | None |
| requires_python | >=3.10 |
| license | MIT License
Copyright (c) [2025] [Rabbil Yasar Sajal]
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE. |
| keywords |
environment
security
secrets
cli
devops
|
| VCS |
|
| bugtrack_url |
|
| requirements |
No requirements were recorded.
|
| Travis-CI |
No Travis.
|
| coveralls test coverage |
No coveralls.
|
# EnvShield 🛡️ – Environment Variable Management & Secret Scanner CLI
[](https://github.com/rabbilyasar/envshield/actions/workflows/ci.yml)
[](https://pypi.org/project/envshield/)
[](https://opensource.org/licenses/MIT)
[](https://pepy.tech/project/envshield)
[](https://www.envshield.dev)
**EnvShield is an open-source CLI for environment variable management, configuration as code, and proactive secret scanning—your caffeine-proof way to avoid the “oops, I just leaked prod keys” nightmare.**
[📚 Full Documentation](https://docs.envshield.dev/)
### Table of Contents
1. [Why Secure Environment Management Matters](#why-secure-environment-management-matters)
2. [Key Features of the EnvShield CLI](#key-features-of-the-envshield-cli)
3. [Installation](#installation)
4. [The EnvShield Philosophy: Schema-First Configuration](#the-envshield-philosophy-schema-first-configuration)
5. [CLI Commands](#cli-commands)
6. [Competitor Comparison: Choosing the Right Tool](#competitor-comparison-choosing-the-right-tool)
7. [The Brains of the Operation: The Core Files](#the-brains-of-the-operation-the-core-files)
8. [Future Roadmap: Teams & Enterprise](#future-roadmap-teams--enterprise)
9. [Community & Support](#community--support)
10. [TL;DR](#tldr)
## Why Secure Environment Management Matters
Managing `.env` files by copy-pasting them around like a hot potato is fun… until a secret lands in a public repo.
EnvShield solves the “dotenv dumpster fire” by giving you **schema-first configuration**, automatic documentation, and built-in **secret scanning**—all wrapped in a workflow lazy enough for a 3 a.m. commit.
## Key Features of the EnvShield CLI
- **Environment Variable Governance** – One `env.schema.toml` file becomes your single source of truth.
- **Open-Source Secret Scanner** – Detects API keys, private keys, and other credentials _before_ you push.
- **Local Development Workflow** – Automatic `.env.example` syncing and onboarding that even future-you will thank you for.
- **Git Pre-commit Hook** – Blocks secret leaks faster than you can say `git push --force`.
- **Configuration as Code** – Your environment config is version-controlled and documented like real code.
_(Translation: EnvShield is that overprotective friend who checks the door lock five times so you can sleep.)_
## Installation
Requires **Python 3.10+**.
```bash
pip install envshield
envshield --help
```
Done. Your project is now 72 % less combustible.
## The EnvShield Philosophy: Schema-First Configuration
EnvShield's power comes from a simple idea: your configuration should be treated like code. It introduces a single source of truth, the `env.schema.toml` file.
This file is a **"configuration contract"** that explicitly defines every environment variable your project needs. By defining your variables here, you get:
- **Automated Documentation**: Your `.env.example` is always perfectly in sync with your schema.
- **Ironclad Validation**: Catch typos and missing variables before you even run your app.
- **Proactive Security**: A built-in scanner and Git hook **prevent secrets from ever being committed**.
## CLI Commands
| Command | Purpose | Demo |
|---|---|---|
| `envshield init` | Auto-detects framework, creates env.schema.toml, installs the Git hook. |  |
| `envshield scan` | Scans files or staged commits for secrets. |  |
| `envshield install-hook` | Manually install or update the Git pre-commit hook. | For when you skipped step one because YOLO. |
| `envshield check <file>` | Validates a local .env file against the schema. |  |
| `envshield schema sync` | Regenerates .env.example from the schema. |  |
| `envshield setup` | Interactive onboarding to create a local env. |  |
| `envshield doctor` | Runs a full health check (and can auto-fix). |  |
| `envshield import <file>` | Intelligently converts an existing .env file into a new env.schema.toml. | The fastest way to adopt EnvShield for an existing project. |
## Competitor Comparison: Choosing the Right Tool
A scanner is a smoke detector. A cloud vault is an off-site bank. **EnvShield is the fireproof, self-organizing house you should have been living in all along.** It provides the complete local workflow that developers need to prevent secret leaks in the first place.
| **Developer Pain Point** | **EnvShield** 🛡️ | **TruffleHog / Gitleaks** | **Doppler / Infisical** | **`direnv`** |
| :------------------------------------ | :----------------------------------------------------------------------------------------------------------- | :--------------------------------------------------------------- | :-------------------------------------------------------------------------------------- | :-------------------------------- |
| **Preventing Secret Commits** | ✅ **Built-in**. `init` sets up an automated pre-commit hook. | ✅ **Core feature**. Specialized tools for just finding secrets. | ❌ **Indirectly**. Doesn't actively scan commits. | ❌ **Not addressed.** |
| **Migrating Existing Projects** | ✅ One-command `import`. `import` command auto-generates a schema from an existing .env file. | ❌ Not addressed. | ❌ Not addressed. (They manage, but don't import your old files) | ❌ Not addressed.
| **Streamlining Developer Onboarding** | ✅ **Automated**. The `setup` command interactively creates a local `.env` file from the project's template. | ❌ **Not addressed.** | ✅ **Strong**. Provides a central place to get secrets, but doesn't manage local files. | ❌ **Not addressed.** |
| **Preventing Configuration Drift** | ✅ **Solved**. The schema is the source of truth. `schema sync` and `check` enforce consistency. | ❌ **Not addressed.** | ✅ **Solved**. The cloud is the single source of truth. | ❌ **Not addressed.** |
| **Primary Focus** | **Complete Local Workflow**. Manages files, documents schemas, validates setups, and scans for leaks. | **Secret Detection Engine.** | **Cloud-Based Secret** Vault. | **Shell Environment Automation.** |
Think of scanners as smoke detectors and cloud vaults as off-site banks.
**EnvShield is the fire-proof, self-organizing house you should have been living in all along.**
## The Brains of the Operation: The Core Files
`envshield` is managed by two simple files you commit to your repository.
- `env.schema.toml`: The source of truth. This is where you define every variable your project needs.
```
# env.schema.toml
[DATABASE_URL]
description = "The full connection string for the PostgreSQL database."
secret = true # Marks this as sensitive
[LOG_LEVEL]
description = "Controls the application's log verbosity."
secret = false
defaultValue = "info" # Provides a fallback
```
- `envshield.yml`: The workflow config. In Phase 1, it's very simple and mainly points to your schema and defines scanner exclusions.
## Future Roadmap: Teams & Enterprise✨
Phase 1 is the free, powerful "Local Guardian." But the journey doesn't end there. Upcoming paid tiers will turn `envshield` into a complete collaboration and automation platform.
### Phase 2: The Team Collaborator (Paid Tier)
- `envshield use <profile>`: Instantly switch your entire project's configuration between different environments (e.g., `local`, `staging`).
- `envshield onboard <profile>`: A supercharged `setup` that can also run scripts like` docker compose up` and database migrations for a true one-command setup.
- `envshield share`: Securely share a secret with a teammate via an encrypted, one-time-use link.
- `envshield docs`: Generate beautiful Markdown or HTML documentation from your schema.
### Phase 3: The Enterprise-Grade System (Paid Tier)
- `envshield login`, `pull`, `push`: Full integration with a centralized, cloud-based secret vault.
- `envshield export`: Securely inject secrets into your CI/CD pipelines for automated deployments.
- **Audit Logs & RBAC**: A complete, compliant, and auditable history of all secret access and team permissions, managed through a web dashboard.
## **Community & Support**
Got questions? Have a brilliant idea? Come hang out with us!
- 🤔 **Ask a question on GitHub Discussions:**[Discussions](https://github.com/rabbilyasar/envshield/discussions/)
Or, Follow us on our socials:
## 🌍 Community & Links
- 🌐 Website: [envshield.dev](https://www.envshield.dev)
- 🐙 GitHub: [rabbilyasar/envshield](https://github.com/rabbilyasar/envshield)
- 🐍 PyPI: [EnvShield on PyPI](https://pypi.org/project/envshield/)
- 🤔 GitHub Discussions: [GitHub Discussions](https://github.com/rabbilyasar/envshield/discussions)
- 💬 Join our Discord:[@discord](https://discord.gg/dSEbvPW57N)
## **Contributing (Don't Be Shy)**
Spotted a bug? Think our jokes are terrible? We want to hear it all. Check out `CONTRIBUTING.md` to get started.
### TL;DR
**EnvShield = environment variable management + secret scanning + configuration as code + just enough sarcasm to keep you awake.**
Stop leaking secrets. Start shipping securely.
Raw data
{
"_id": null,
"home_page": null,
"name": "envshield",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.10",
"maintainer_email": null,
"keywords": "environment, security, secrets, cli, devops",
"author": null,
"author_email": "Rabbil Yasar Sajal <rabbilyasar@gmail.com>",
"download_url": "https://files.pythonhosted.org/packages/2f/1b/d966ba3ad87dade8ca52021ef799b0a96fb50e02d741819840a2511799a2/envshield-3.0.0.tar.gz",
"platform": null,
"description": "\n# EnvShield \ud83d\udee1\ufe0f \u2013 Environment Variable Management & Secret Scanner CLI\n\n\n[](https://github.com/rabbilyasar/envshield/actions/workflows/ci.yml)\n[](https://pypi.org/project/envshield/)\n[](https://opensource.org/licenses/MIT)\n[](https://pepy.tech/project/envshield)\n[](https://www.envshield.dev)\n\n\n**EnvShield is an open-source CLI for environment variable management, configuration as code, and proactive secret scanning\u2014your caffeine-proof way to avoid the \u201coops, I just leaked prod keys\u201d nightmare.**\n\n[\ud83d\udcda Full Documentation](https://docs.envshield.dev/)\n\n\n### Table of Contents\n\n1. [Why Secure Environment Management Matters](#why-secure-environment-management-matters)\n2. [Key Features of the EnvShield CLI](#key-features-of-the-envshield-cli)\n3. [Installation](#installation)\n\n4. [The EnvShield Philosophy: Schema-First Configuration](#the-envshield-philosophy-schema-first-configuration)\n5. [CLI Commands](#cli-commands)\n\n6. [Competitor Comparison: Choosing the Right Tool](#competitor-comparison-choosing-the-right-tool)\n\n7. [The Brains of the Operation: The Core Files](#the-brains-of-the-operation-the-core-files)\n\n8. [Future Roadmap: Teams & Enterprise](#future-roadmap-teams--enterprise)\n\n9. [Community & Support](#community--support)\n10. [TL;DR](#tldr)\n\n## Why Secure Environment Management Matters\n\nManaging `.env` files by copy-pasting them around like a hot potato is fun\u2026 until a secret lands in a public repo.\nEnvShield solves the \u201cdotenv dumpster fire\u201d by giving you **schema-first configuration**, automatic documentation, and built-in **secret scanning**\u2014all wrapped in a workflow lazy enough for a 3 a.m. commit.\n\n\n## Key Features of the EnvShield CLI\n\n\n\n- **Environment Variable Governance** \u2013 One `env.schema.toml` file becomes your single source of truth.\n\n- **Open-Source Secret Scanner** \u2013 Detects API keys, private keys, and other credentials _before_ you push.\n\n- **Local Development Workflow** \u2013 Automatic `.env.example` syncing and onboarding that even future-you will thank you for.\n\n- **Git Pre-commit Hook** \u2013 Blocks secret leaks faster than you can say `git push --force`.\n\n- **Configuration as Code** \u2013 Your environment config is version-controlled and documented like real code.\n\n_(Translation: EnvShield is that overprotective friend who checks the door lock five times so you can sleep.)_\n\n## Installation\nRequires **Python 3.10+**.\n```bash\npip install envshield\nenvshield --help\n```\n Done. Your project is now 72 % less combustible.\n\n## The EnvShield Philosophy: Schema-First Configuration\n\nEnvShield's power comes from a simple idea: your configuration should be treated like code. It introduces a single source of truth, the `env.schema.toml` file.\n\nThis file is a **\"configuration contract\"** that explicitly defines every environment variable your project needs. By defining your variables here, you get:\n\n- **Automated Documentation**: Your `.env.example` is always perfectly in sync with your schema.\n- **Ironclad Validation**: Catch typos and missing variables before you even run your app.\n- **Proactive Security**: A built-in scanner and Git hook **prevent secrets from ever being committed**.\n\n## CLI Commands\n\n| Command | Purpose | Demo |\n|---|---|---|\n| `envshield init` | Auto-detects framework, creates env.schema.toml, installs the Git hook. |  |\n| `envshield scan` | Scans files or staged commits for secrets. |  |\n| `envshield install-hook` | Manually install or update the Git pre-commit hook. | For when you skipped step one because YOLO. |\n| `envshield check <file>` | Validates a local .env file against the schema. |  |\n| `envshield schema sync` | Regenerates .env.example from the schema. |  |\n| `envshield setup` | Interactive onboarding to create a local env. |  |\n| `envshield doctor` | Runs a full health check (and can auto-fix). |  |\n| `envshield import <file>` | Intelligently converts an existing .env file into a new env.schema.toml. | The fastest way to adopt EnvShield for an existing project. |\n\n\n## Competitor Comparison: Choosing the Right Tool\n\nA scanner is a smoke detector. A cloud vault is an off-site bank. **EnvShield is the fireproof, self-organizing house you should have been living in all along.** It provides the complete local workflow that developers need to prevent secret leaks in the first place.\n\n| **Developer Pain Point** | **EnvShield** \ud83d\udee1\ufe0f | **TruffleHog / Gitleaks** | **Doppler / Infisical** | **`direnv`** |\n| :------------------------------------ | :----------------------------------------------------------------------------------------------------------- | :--------------------------------------------------------------- | :-------------------------------------------------------------------------------------- | :-------------------------------- |\n| **Preventing Secret Commits** | \u2705 **Built-in**. `init` sets up an automated pre-commit hook. | \u2705 **Core feature**. Specialized tools for just finding secrets. | \u274c **Indirectly**. Doesn't actively scan commits. | \u274c **Not addressed.** |\n| **Migrating Existing Projects** | \u2705 One-command `import`. `import` command auto-generates a schema from an existing .env file. | \u274c Not addressed. | \u274c Not addressed. (They manage, but don't import your old files) | \u274c Not addressed.\n| **Streamlining Developer Onboarding** | \u2705 **Automated**. The `setup` command interactively creates a local `.env` file from the project's template. | \u274c **Not addressed.** | \u2705 **Strong**. Provides a central place to get secrets, but doesn't manage local files. | \u274c **Not addressed.** |\n| **Preventing Configuration Drift** | \u2705 **Solved**. The schema is the source of truth. `schema sync` and `check` enforce consistency. | \u274c **Not addressed.** | \u2705 **Solved**. The cloud is the single source of truth. | \u274c **Not addressed.** |\n| **Primary Focus** | **Complete Local Workflow**. Manages files, documents schemas, validates setups, and scans for leaks. | **Secret Detection Engine.** | **Cloud-Based Secret** Vault. | **Shell Environment Automation.** |\n\n\n\nThink of scanners as smoke detectors and cloud vaults as off-site banks.\n**EnvShield is the fire-proof, self-organizing house you should have been living in all along.**\n\n## The Brains of the Operation: The Core Files\n\n`envshield` is managed by two simple files you commit to your repository.\n\n- `env.schema.toml`: The source of truth. This is where you define every variable your project needs.\n\n```\n # env.schema.toml\n\n [DATABASE_URL]\n description = \"The full connection string for the PostgreSQL database.\"\n secret = true # Marks this as sensitive\n\n [LOG_LEVEL]\n description = \"Controls the application's log verbosity.\"\n secret = false\n defaultValue = \"info\" # Provides a fallback\n```\n\n- `envshield.yml`: The workflow config. In Phase 1, it's very simple and mainly points to your schema and defines scanner exclusions.\n\n## Future Roadmap: Teams & Enterprise\u2728\n\nPhase 1 is the free, powerful \"Local Guardian.\" But the journey doesn't end there. Upcoming paid tiers will turn `envshield` into a complete collaboration and automation platform.\n\n### Phase 2: The Team Collaborator (Paid Tier)\n\n- `envshield use <profile>`: Instantly switch your entire project's configuration between different environments (e.g., `local`, `staging`).\n\n- `envshield onboard <profile>`: A supercharged `setup` that can also run scripts like` docker compose up` and database migrations for a true one-command setup.\n\n- `envshield share`: Securely share a secret with a teammate via an encrypted, one-time-use link.\n\n- `envshield docs`: Generate beautiful Markdown or HTML documentation from your schema.\n\n### Phase 3: The Enterprise-Grade System (Paid Tier)\n\n- `envshield login`, `pull`, `push`: Full integration with a centralized, cloud-based secret vault.\n\n- `envshield export`: Securely inject secrets into your CI/CD pipelines for automated deployments.\n\n- **Audit Logs & RBAC**: A complete, compliant, and auditable history of all secret access and team permissions, managed through a web dashboard.\n\n## **Community & Support**\n\nGot questions? Have a brilliant idea? Come hang out with us!\n\n- \ud83e\udd14 **Ask a question on GitHub Discussions:**[Discussions](https://github.com/rabbilyasar/envshield/discussions/)\n\nOr, Follow us on our socials:\n\n## \ud83c\udf0d Community & Links\n\n- \ud83c\udf10 Website: [envshield.dev](https://www.envshield.dev)\n- \ud83d\udc19 GitHub: [rabbilyasar/envshield](https://github.com/rabbilyasar/envshield)\n- \ud83d\udc0d PyPI: [EnvShield on PyPI](https://pypi.org/project/envshield/)\n- \ud83e\udd14 GitHub Discussions: [GitHub Discussions](https://github.com/rabbilyasar/envshield/discussions)\n- \ud83d\udcac Join our Discord:[@discord](https://discord.gg/dSEbvPW57N)\n\n## **Contributing (Don't Be Shy)**\n\nSpotted a bug? Think our jokes are terrible? We want to hear it all. Check out `CONTRIBUTING.md` to get started.\n\n### TL;DR\n\n**EnvShield = environment variable management + secret scanning + configuration as code + just enough sarcasm to keep you awake.**\nStop leaking secrets. Start shipping securely.\n",
"bugtrack_url": null,
"license": "MIT License\n \n Copyright (c) [2025] [Rabbil Yasar Sajal] \n \n Permission is hereby granted, free of charge, to any person obtaining a copy\n of this software and associated documentation files (the \"Software\"), to deal\n in the Software without restriction, including without limitation the rights\n to use, copy, modify, merge, publish, distribute, sublicense, and/or sell\n copies of the Software, and to permit persons to whom the Software is\n furnished to do so, subject to the following conditions:\n \n The above copyright notice and this permission notice shall be included in all\n copies or substantial portions of the Software.\n \n THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\n AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\n OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\n SOFTWARE.",
"summary": "EnvShield: A CLI for secure local environment management and secret prevention.",
"version": "3.0.0",
"project_urls": null,
"split_keywords": [
"environment",
" security",
" secrets",
" cli",
" devops"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "5345c1522b37f526527f3e2a070bee721f0193e7ad8413b8aad4abe59814144e",
"md5": "7510fe2bea4198d45f2624a2bfa01d1b",
"sha256": "09cd50027aac03f113be55fe458a5b89a3717eef1bd928bae282df99e961fa30"
},
"downloads": -1,
"filename": "envshield-3.0.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "7510fe2bea4198d45f2624a2bfa01d1b",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.10",
"size": 38839,
"upload_time": "2025-10-28T13:40:54",
"upload_time_iso_8601": "2025-10-28T13:40:54.092396Z",
"url": "https://files.pythonhosted.org/packages/53/45/c1522b37f526527f3e2a070bee721f0193e7ad8413b8aad4abe59814144e/envshield-3.0.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "2f1bd966ba3ad87dade8ca52021ef799b0a96fb50e02d741819840a2511799a2",
"md5": "3532ddb13e7ed64a484daf3b1edc939e",
"sha256": "d915522a19f163c5c7bc4393b48a8f23179bcdee010e9f8aa68164baf389fb1c"
},
"downloads": -1,
"filename": "envshield-3.0.0.tar.gz",
"has_sig": false,
"md5_digest": "3532ddb13e7ed64a484daf3b1edc939e",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.10",
"size": 33081,
"upload_time": "2025-10-28T13:40:55",
"upload_time_iso_8601": "2025-10-28T13:40:55.996114Z",
"url": "https://files.pythonhosted.org/packages/2f/1b/d966ba3ad87dade8ca52021ef799b0a96fb50e02d741819840a2511799a2/envshield-3.0.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-10-28 13:40:55",
"github": false,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"lcname": "envshield"
}
